Diffstat (limited to 'config')
-rw-r--r-- | config/environment.rb | 2 | ||||
-rw-r--r-- | config/environments/development.rb | 2 | ||||
-rw-r--r-- | config/general.yml-example | 4 | ||||
-rw-r--r-- | config/test.yml | 2 | ||||
-rw-r--r-- | config/varnish-alaveteli.vcl | 24 |
5 files changed, 27 insertions, 7 deletions
diff --git a/config/environment.rb b/config/environment.rb index 7366179bf..b958c6475 100644 --- a/config/environment.rb +++ b/config/environment.rb @@ -135,7 +135,7 @@ require 'i18n_fixes.rb' require 'rack_quote_monkeypatch.rb' require 'world_foi_websites.rb' require 'alaveteli_external_command.rb' -require 'varnish_purge.rb' +require 'quiet_opener.rb' ExceptionNotification::Notifier.sender_address = MySociety::Config::get('EXCEPTION_NOTIFICATIONS_FROM') ExceptionNotification::Notifier.exception_recipients = MySociety::Config::get('EXCEPTION_NOTIFICATIONS_TO') diff --git a/config/environments/development.rb b/config/environments/development.rb index d5f2f5772..a1e8133a8 100644 --- a/config/environments/development.rb +++ b/config/environments/development.rb @@ -1,5 +1,7 @@ # Settings specified here will take precedence over those in config/environment.rb +config.log_level = :info + # In the development environment your application's code is reloaded on # every request. This slows down response time but is perfect for development # since you don't have to restart the webserver when you make code changes. diff --git a/config/general.yml-example b/config/general.yml-example index ed04e0fd5..84980c353 100644 --- a/config/general.yml-example +++ b/config/general.yml-example @@ -142,3 +142,7 @@ EXCEPTION_NOTIFICATIONS_TO: # This rate limiting can be turned off per-user via the admin interface MAX_REQUESTS_PER_USER_PER_DAY: 6 + +# This is used to work out where to send purge requests. Should be +# unset if you aren't running behind varnish +VARNISH_HOST: localhost diff --git a/config/test.yml b/config/test.yml index 991588f81..c35001747 100644 --- a/config/test.yml +++ b/config/test.yml @@ -124,4 +124,4 @@ EXCEPTION_NOTIFICATIONS_TO: MAX_REQUESTS_PER_USER_PER_DAY: 2 -VARNISH_URL: http://varnish +VARNISH_HOST: varnish.localdomain diff --git a/config/varnish-alaveteli.vcl b/config/varnish-alaveteli.vcl index 7eedf83fc..f81ec2295 100644 --- a/config/varnish-alaveteli.vcl 
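Review bot: In `config/general.yml-example` the new key ships as `VARNISH_HOST: localhost`, although the comment directly above it says the value should be unset when the site is not behind varnish. An install that copies the example unchanged will therefore try to send purge requests to localhost. Shipping the key empty (`VARNISH_HOST:`) and naming `localhost` as the typical value in the comment would match the stated default. This assumes the code reading the setting treats an empty value as unset, which is not visible in this diff.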
+++ b/config/varnish-alaveteli.vcl @@ -9,12 +9,18 @@ backend default { .host = "127.0.0.1"; - .port = "80"; + .port = "3000"; .connect_timeout = 600s; .first_byte_timeout = 600s; .between_bytes_timeout = 600s; } +// set the servers alaveteli can issue a purge from +acl purge { + "localhost"; + "127.0.0.1"; +} + sub vcl_recv { # Handle IPv6 @@ -54,12 +60,13 @@ sub vcl_recv { req.request != "HEAD" && req.request != "POST" && req.request != "PUT" && + req.request != "PURGE" && req.request != "DELETE" ) { # We don't allow any other methods. error 405 "Method Not Allowed"; } - if (req.request != "GET" && req.request != "HEAD") { + if (req.request != "GET" && req.request != "HEAD" && req.request != "PURGE") { /* We only deal with GET and HEAD by default, the rest get passed direct to backend */ return (pass); } @@ -73,15 +80,21 @@ sub vcl_recv { if (req.http.Authorization || req.http.Cookie) { return (pass); } - # Let's have a little grace set req.grace = 30s; + # Handle PURGE requests + if (req.request == "PURGE") { + if (!client.ip ~ purge) { + error 405 "Not allowed."; + } + ban("obj.http.x-url ~ " + req.url); + error 200 "Banned"; + } return (lookup); } - sub vcl_fetch { - + set beresp.http.x-url = req.url; if (req.url ~ "\.(png|gif|jpg|jpeg|swf|css|js|rdf|ico|txt)(\?.*|)$") { # Ignore backend headers.. remove beresp.http.set-Cookie; @@ -94,3 +107,4 @@ sub vcl_fetch { return (deliver); } } + |
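Review bot: The `purge` ACL added in the first hunk admits only loopback addresses, while `VARNISH_HOST` is configurable and `config/test.yml` already points it at `varnish.localdomain`; with varnish on a separate host every purge from the application would be refused. The comment on the ACL could state the requirement, for example `// Clients allowed to issue PURGE; add the app server's address when alaveteli and varnish run on different hosts`. The ACL is matched against `client.ip`, so if a TLS terminator or other proxy on the same machine sits in front of varnish, every request arrives from 127.0.0.1 and the ACL no longer separates the application from outside clients. Whether such a front end exists is not visible in this diff.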
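Review bot: In the third hunk the PURGE block sits after `if (req.http.Authorization || req.http.Cookie) { return (pass); }`, so a PURGE request carrying either header is passed to the backend before the `client.ip ~ purge` check runs. Moving the whole `if (req.request == "PURGE") { … }` block to the top of `vcl_recv`, ahead of every `return (pass)`, makes the ACL the first decision for that method; `vcl_recv` starts outside this hunk, so any earlier returns need the same check. Separately, `ban("obj.http.x-url ~ " + req.url)` uses the request URL as an unanchored regular expression, so purging one path also bans every cached URL containing it, and characters such as `?` and `.` are interpreted as regex syntax. Anchoring the expression, or a comment stating that substring matching is intended, would make the scope of a purge explicit. The `x-url` header set in `vcl_fetch` will also be delivered to clients unless it is removed in `vcl_deliver`, which is not shown here.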